"The UEFI secure boot mechanism has been the source of a great deal of concern in the free software community, and for good reason: it could easily be a mechanism by which we lose control over our own systems. Recently, Red Hat's Matthew Garrett described how the Fedora distribution planned to handle secure boot in the Fedora 18 release. That posting has inspired a great deal of concern and criticism, though, arguably, about the wrong things."

I believe that all this will make it hard for me to clean the mess that enters the "Microsoft Windows opened" and will also make it more expensive, time- and money-wise.

For the time being, you will be able to disable secureboot in the UEFI menu somewhere. Fedora's issue with that solution is that UEFI isn't standardized, so they can't tell their customers 3 simple steps to unlock the device.

My bet is that MS wants to fight piracy more effectively; that the system would be strengthened against attacks is probably a side effect.

There's a NIST paper on securing systems which also includes firmware level attacks. I'd expect that secureboot has something to do with that rather than licensing concerns - they might need to lock that area down to be able to pass the next level Common Criteria certification.

The issue is also more pressing with UEFI than with BIOS since UEFI is so much more powerful than BIOS - you can load rather arbitrarily sized 32-bit modules (built by a modern C compiler), which have access to everything a modern OS provides (threads, networking, plenty of memory). With "UEFI Shell" they basically admitted that UEFI _is_ an Operating System (whose main purpose - for now - is to load another OS).

This cozy environment simplifies attacks somewhat compared with the old BIOS situation.